Adobe Illustrator hit by hacker attack

Adobe has been hit by a hacker attack on its Illustrator software

Adobe is scrambling to fix a newly disclosed bug in its Illustrator software, even as it prepares another security patch for next week.

Earlier this week, an unidentified hacker posted a proof of concept attack, showing how the Illustrator vulnerability could be leveraged to run unauthorised software on a victim's computer. Adobe said that it was investigating the attack, but it's not clear when the software company will fix the issue.

For this attack to work, the users must open a maliciously crafted Encapsulated PostScript (.eps) file in Illustrator, Adobe said in a blog post.

Because this attack code is now public and available to cyber-criminals, this flaw could become a serious issue.

However, Adobe Director of Product Security Brad Arkin said that his team has not yet confirmed that the attack could be used to install a virus on a computer. "We've been able to trigger a crash on at least one version and platform," he said. "As soon as we get all of our details together we'll do an advisory."

Related

Meanwhile, Adobe plans to fix other critical bugs in its Flash Player software next Tuesday. This update is not related to the Illustrator issue and had been previously scheduled, Arkin said. "As far as we can tell, the [Illustrator] bug has absolutely nothing to do with Flash Player."